“Is this true?” Deciphering Internet Scams from Worthy Causes Online

“Help the less fortunate during this holiday season. Give to ‘insert name here’ now!”

“Check out this sad story from Colorado! Can you help?”

We’ve all been moved with compassion when we hear about urgent needs, especially after natural disasters or unfortunate or tragic circumstances. We want to learn more when we receive these types of e-mails, Facebook updates, or text messages.

But can we trust the story? Is the organization asking for money reputable? Or, will the link take you somewhere malicious? For example: here’s an excerpt from a recent top story in the NY Daily News:

A young boy dying of leukemia became a Colorado community’s beacon of bravery, with residents rallying around him on Facebook and the high school football team dedicating a game in his honor.

When he died in late October, the local newspaper ran his obituary.

But the tale of 9-year-old Alex Jordan turned out to be pure fiction, concocted by a 22-year-old identified in reports as Briana Augustenborg, who claimed the boy was a family friend. The lie was exposed when Eagle County community members went to authorities last week—and now those duped are speaking out about the elaborate hoax….

Is This a Phishing Scam?

In some cases, the links we click on can lead to malware being downloaded onto our PCs or even to our identities or credit card information being stolen by hackers. Despite new security software and tools, the overall number of online scams is increasing.

And Internet scams are getting more sophisticated and complex. Recently, the State of Michigan Government received five new fraudulent e-mail campaigns in one day (sent to multiple staff) that we classified as “spear-phishing,” meaning that we were particularly targeted with information that was unique to state employees or a subset of our users. Despite the fact that our spam filters blocks over 90% of incoming e-mails from the Internet, bad links and e-mails still get through sometimes. In fact, are networks are attacked over 100,000 times each day using a variety of techniques.

And home users are under attack as well. One list of the top ten phishing scams from the past few years reveals that fake messages can come from banks, PayPal, or even from legitimate websites that we trust, when the bad guys steal your login credentials and redirect you to the true web portal.

What Can Be Done To Stay Safe?

So how can we protect our families and friends from these malware attacks, misinformation, and fraudulent transactions? What steps can be taken to ensure that our hard-earned dollars are not going to criminals?

1) Be skeptical of all unsolicited e-mails or unverified requests for donations. Sure, Tropical Storm Sandy was real, but have you ever heard of that new organization that is asking for dollars? As recommended in this IRS Consumer Alert article:

“Be wary of charities with names that are similar to familiar or nationally known organizations. Some phony charities use names or websites that sound or look like those of respected, legitimate organizations. The IRS website at IRS.gov has a search feature, Exempt Organizations Select Check, which allows people to find legitimate, qualified charities to which donations may be tax-deductible. Legitimate charities may also be found on the Federal Emergency Management Agency (FEMA) Web site at fema.gov.

Don’t give out personal financial information — such as Social Security numbers or credit card and bank account numbers and passwords — to anyone who solicits a contribution from you. Scam artists may use this information to steal your identity and money.

Don’t give or send cash. For security and tax record purposes, contribute by check or credit card or another way that provides documentation of the gift…”

2) Don’t Click on ‘Phishy’ Links – Whether in e-mail, Facebook, or other social networking website. If you want to give or get involved, get to the website via a Google search or a trusted link that you put in your browser.There are plenty of helpful technical warning signs to watch out for, such as these tips for avoiding phishing scams from Fraud.com:

Protect your computer with spam filters, anti-virus and anti-spyware software, and a firewall, and keep them up to date. A spam filter can help reduce the number of phishing e-mails you get. Anti-virus software, which scans incoming messages for troublesome files, and anti-spyware software, which looks for programs that have been installed on your computer and track your online activities without your knowledge, can protect you against pharming and other techniques that phishers use. Firewalls prevent hackers and unauthorized communications from entering your computer – which is especially important if you have a broadband connection because your computer is open to the Internet whenever it’s turned on. Look for programs that offer automatic updates and take advantage of free patches that manufacturers offer to fix newly discovered problems. Go to www.onguardonline.gov and www.staysafeonline.org to learn more about how to keep your computer secure.

Only open e-mail attachments if you’re expecting them and know what they contain. Even if the messages look like they came from people you know, they could be from scammers and contain programs that will steal your personal information.

If someone contacts you and says you’ve been a victim of fraud, verify the person’s identity before you provide any personal information.

3) When in doubt regarding rumors or ridiculous claims online, research the cause online with Google search or go to websites like Snopes.com or Hoax-slayer to check the facts. There is no doubt that one of the biggest threats to users is that they click first and ask questions later. We need to be stopping and thinking before we connect or click. Stopthinkconnect.org is another great resource to learn how to respond to Internet opportunities in appropriate ways.

In conclusion, the Internet is always changing, so we need to constantly be learning. The Bible urges us to be “Smart as snakes and innocent as dove.” This decree applies to online life as well. Don’t be fooled by online tricks. Be a leader in enabling your family and friends to surf your values and be online ambassadors for good.

About the author, Daniel Lohrmann

Dan Lohrmann is an internationally recognized Internet and computer security expert. Currently, Mr. Lohrmann works as the CSO for the state of Michigan. For seven years he served as the Chief Information Security Officer for the Michigan government. He started his career in the National Security Agency, and later worked in England for seven years with Lockheed Martin followed by Mantech International. Dan holds a Master's Degree in Computer Science (CS) from Johns Hopkins University in Baltimore, Maryland, and a Bachelor's Degree in CS from Valparaiso University in Indiana. He is the author of Virtual Integrity: Faithfully Navigating the Brave New Web.